Sunday, February 9, 2014

[mcafee] January 2014 #SecChat Wrap-up — Threat Predictions

Threats seem to be top of mind for the masses of late—with three large-scale attacks on major brands already this year, potentially compromising the financial data and identity of millions. And things don’t show signs of slowing down. Each year, security threats become more sophisticated and difficult to identify, with 2014 expected to be the same. Cybercriminals are constantly looking for new avenues of penetration into enterprise systems and consumer data, while security professionals across the board are wondering where the next attack will come from and how they’ll combat the growing variety of potential breaches aimed at their network and endpoint defenses.

Mobile malware, ransomware, social attacks, and big data topped our list. However, while compiling the report, we decided that we probably weren’t the only security professionals with predictions. So on January 30th, we hosted a Twitter chat with Adam Wosotowsky, McAfee Labs Anti-Spam Operations Technology Principal and Ryan Sherstobitoff, McAfee Labs Threat Researcher, to spark conversation around the topic.

For about an hour, security professionals and other interested individuals gathered on Twitter to talk shop around a variety of security issues—from big data to high-profile breaches. Below are some highlights from the chat.

What are your security predictions?

We started off by opening the floor to anyone who wanted to share their own ideas on 2014 threats. We saw two common threads emerge. First, a number of security professionals cited specific types of attacks they predicted to be on the rise in 2014.

Meanwhile, another conversation was arising around “psychological threats.” The topic that got the most attention was @securelexicon’s thoughts on what he referred to as “apathy.”

Next, the group delved into specific types of attacks mentioned by participants and in the report.

Target, Neiman Marcus, what’s next?

2014 started off with a bang for the information security community, with the high-profile breaches of Target, Neiman Marcus, and Michaels Stores. We asked our participants if this was a sign of bigger attacks to come.

Most participants saw the number of high-profile breaches as an indicator that companies weren’t doing enough to maximize their customers’ security. @VirtualTal said that companies were simply concerned with compliance, and not actually securing their data. @aamirlakhani and@SCADAhacker agreed that companies should invest in “detection and response and not just prevention.”

It wasn’t all negative however, as @RickChrisos was quick to suggest that perhaps these headline-grabbing breaches will open the eyes of big organizations, resulting in increased security for the future.

Advanced Malware, Big Data, and IoT

Three of the biggest trends discussed during our #SecChat related to emerging technologies, and how the security industry will have to respond to these developments.

First, we asked the group about their biggest challenge regarding advanced malware. Many participants, such as @Wh1t3Rabbit and @jtyrus, thought the biggest issue is that it continues to be difficult to detect. The consensus was that the security community will need to go further in looking for vulnerabilities and providing penetration tests. @GetZeroFOX had a theory on why we continue to see the amount of advanced malware grow.

The conversation on advanced malware transitioned to a discussion on big data. Some participants, such as @TomGarcia_IS saw big data and cloud applications as overall threats to company security. Others, such as @aamirlakhani see big data as an opportunity.

Finally, we discussed one of 2014’s hottest topics to date – “the Internet of Things.” While IoT can be an exciting trend for consumers, most security professionals view it as a concern, as there are still more than a few security vulnerabilities present in new “smart” devices.

Overall, last week’s #SecChat was quite the interesting snapshot of where threats are expected to be headed in 2014. To stay up-to-date on the latest in security news and issues, be sure to follow #SecChat host @McAfeeBusiness on Twitter. Also, feel free to check out the entire #SecChat transcript here and read our predictions here.